Posted to user@ambari.apache.org by Jorn Eilander <jo...@cannonfodder.nl> on 2017/01/17 20:20:32 UTC

LDAP integration with either filter or multiple DN

Hey Guys,

Following issue:

I have an extremely large corporate LDAP; it limits the number of records
I can pick up. This means I have to set the Ambari LDAP base dn quite
narrow (i.e.: ou=hdp-groups,ou=department,ou=groups,o=corp)

In this base dn are several groupOfUniqueNames with in them uniqueMember;
Ambari ldap-sync correctly sees the groupOfUniqueNames and uniqueMembers.
The uniqueMembers however refer to a different base dn: ou=people,o=corp.

Ambari now skips these users claiming:
"User 'XYZ' is out of scope of the base DN. It will be skipped."

Setting the base dn to o=corp is far too wide, since ldap-sync is trying to
find all relevant objectClasses in the entire tree, LDAP kicks it out.

Is there any way I can either do a proper filter on where to find the
specific objectclasses or set a secondary base dn or something?

With kind regards,

Jorn Eilander
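
The skip described in this message comes down to a base-DN containment test on each uniqueMember value. The following is an added example, not part of the original post and not Ambari's code: a Python model of that test, assuming whole-RDN, case-insensitive matching. The group name and member entries are constructed; only the two base DNs come from the post.

```python
# Added illustration: models the scope test described in the post; not Ambari's code.
NARROW_BASE = "ou=hdp-groups,ou=department,ou=groups,o=corp"  # from the post
WIDE_BASE = "o=corp"                                          # from the post

# Constructed sample: one group under the narrow base, members under ou=people.
SAMPLE_GROUPS = {
    "cn=hdp-admins,ou=hdp-groups,ou=department,ou=groups,o=corp": [
        "uid=xyz,ou=people,o=corp",
        "UID=abc, OU=People, O=Corp",
    ],
}


def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes are kept)."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))
    # Assumption: case-insensitive match, whitespace around RDNs ignored.
    return [r.strip().lower() for r in rdns if r.strip()]


def in_scope(dn, base_dn):
    """True when dn equals base_dn or lies beneath it (whole-RDN suffix match)."""
    dn_parts, base_parts = split_dn(dn), split_dn(base_dn)
    if len(base_parts) > len(dn_parts):
        return False
    return dn_parts[len(dn_parts) - len(base_parts):] == base_parts


def partition_members(groups, base_dn):
    """Return (synced, skipped) lists of (group_dn, member_dn) pairs."""
    synced, skipped = [], []
    for group_dn, members in groups.items():
        for member in members:
            target = synced if in_scope(member, base_dn) else skipped
            target.append((group_dn, member))
    return synced, skipped
```

Comparing whole RDNs rather than raw string suffixes matters when a value contains an escaped comma: `cn=foo\,ou=people,o=corp` sits directly under `o=corp`, not under `ou=people,o=corp`.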